automatic update

author: security tracker role <sectracker@soriano.debian.org> 2021-10-25 20:10:16 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2021-10-25 20:10:16 +0000
commit: bff60510087638c1556df7e25ed52b7c12020147 (patch)
tree: d35f102801827f8e53e2dba3962a6d9517894f46 /data
parent: 660fffe29cc3aaf0bdbe13df42214cdd80eef0e3 (diff)
1 files changed, 145 insertions, 148 deletions
diff --git a/data/CVE/list b/data/CVE/list
index f9c8e97509..e7f8b22b52 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,9 @@
+CVE-2021-3904
+	RESERVED
+CVE-2021-3903
+	RESERVED
+CVE-2020-36503
+	RESERVED
 CVE-2021-43010
 	RESERVED
 CVE-2021-43009
@@ -4021,8 +4027,8 @@ CVE-2021-41773 (A flaw was found in a change made to path normalization in Apach
 	NOTE: https://www.openwall.com/lists/oss-security/2021/10/08/1
 CVE-2021-3839
 	RESERVED
-CVE-2017-20007
-	RESERVED
+CVE-2017-20007 (Ingeteam INGEPAC DA AU AUC_1.13.0.28 (and before) web application allo ...)
+	TODO: check
 CVE-2021-41772
 	RESERVED
 CVE-2021-41771
@@ -5343,8 +5349,8 @@ CVE-2021-41178
 	RESERVED
 CVE-2021-41177
 	RESERVED
-CVE-2021-41176
-	RESERVED
+CVE-2021-41176 (Pterodactyl is an open-source game server management panel built with  ...)
+	TODO: check
 CVE-2021-41175
 	RESERVED
 CVE-2021-41174
@@ -5689,8 +5695,8 @@ CVE-2021-41037
 	RESERVED
 CVE-2021-41036
 	RESERVED
-CVE-2021-41035
-	RESERVED
+CVE-2021-41035 (In Eclipse Openj9 before version 0.29.0, the JVM does not throw Illega ...)
+	TODO: check
 CVE-2021-41034 (The build of some language stacks of Eclipse Che version 6 includes pu ...)
 	NOT-FOR-US: Eclipse Che
 CVE-2021-41033 (In all released versions of Eclipse Equinox, at least until version 4. ...)
@@ -6061,8 +6067,7 @@ CVE-2021-3798 [Soft token does not check if an EC key is valid]
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/opencryptoki/+bug/1928780
 	NOTE: Introduced with: https://github.com/opencryptoki/opencryptoki/commit/a179fd01a265a98194d9c06ec5958da1dd2ecae3 (v3.15.0)
 	NOTE: Fixed by: https://github.com/opencryptoki/opencryptoki/commit/4e3b43c3d8844402c04a66b55c6c940f965109f0
-CVE-2021-40865
-	RESERVED
+CVE-2021-40865 (An Unsafe Deserialization vulnerability exists in the worker services  ...)
 	NOT-FOR-US: Apache Storm
 CVE-2021-3797 (hestiacp is vulnerable to Use of Wrong Operator in String Comparison ...)
 	NOT-FOR-US: Hestia Control Panel
@@ -6863,10 +6868,10 @@ CVE-2021-40528 (The ElGamal implementation in Libgcrypt before 1.9.4 allows plai
 	NOTE: CVE-2021-40528 got switched at some point, and CVE-2021-33560 referring to the blinding
 	NOTE: hardening. We keep the original association as per 2021-09-19 (until MITRE clarifies on
 	NOTE: a query).
-CVE-2021-40527
-	RESERVED
-CVE-2021-40526
-	RESERVED
+CVE-2021-40527 (Exposure of senstive information to an unauthorised actor in the "com. ...)
+	TODO: check
+CVE-2021-40526 (Incorrect calculation of buffer size vulnerability in Peleton TTR01 up ...)
+	TODO: check
 CVE-2021-40525
 	RESERVED
 CVE-2021-3776
@@ -10001,10 +10006,10 @@ CVE-2021-39223
 	RESERVED
 CVE-2021-39222
 	RESERVED
-CVE-2021-39221
-	RESERVED
-CVE-2021-39220
-	RESERVED
+CVE-2021-39221 (Nextcloud is an open-source, self-hosted productivity platform. The Ne ...)
+	TODO: check
+CVE-2021-39220 (Nextcloud is an open-source, self-hosted productivity platform The Nex ...)
+	TODO: check
 CVE-2021-39219 (Wasmtime is an open source runtime for WebAssembly &amp; WASI. Wasmtim ...)
 	NOT-FOR-US: wasmtime
 CVE-2021-39218 (Wasmtime is an open source runtime for WebAssembly &amp; WASI. In Wasm ...)
@@ -12182,8 +12187,7 @@ CVE-2021-3693 (LedgerSMB does not check the origin of HTML fragments merged into
 	NOTE: https://ledgersmb.org/cve-2021-3693-cross-site-scripting
 CVE-2021-3692 (yii2 is vulnerable to Use of Predictable Algorithm in Random Number Ge ...)
 	- yii <itp> (bug #597899)
-CVE-2021-38294
-	RESERVED
+CVE-2021-38294 (A Command Injection vulnerability exists in the getTopologyHistory ser ...)
 	NOT-FOR-US: Apache Storm
 CVE-2021-38293
 	RESERVED
@@ -13889,8 +13893,7 @@ CVE-2021-37626 (Contao is an open source CMS that allows you to create websites
 	NOT-FOR-US: Contao CMS
 CVE-2021-37625 (Skytable is an open source NoSQL database. In versions prior to 0.6.4  ...)
 	NOT-FOR-US: Skytable
-CVE-2021-37624
-	RESERVED
+CVE-2021-37624 (FreeSWITCH is a Software Defined Telecom Stack enabling the digital tr ...)
 	- freeswitch <itp> (bug #389591)
 	NOTE: https://github.com/signalwire/freeswitch/security/advisories/GHSA-mjcm-q9h8-9xv3
 CVE-2021-37623 (Exiv2 is a command-line utility and C++ library for reading, writing,  ...)
@@ -19503,8 +19506,8 @@ CVE-2021-35233
 	RESERVED
 CVE-2021-35232
 	RESERVED
-CVE-2021-35231
-	RESERVED
+CVE-2021-35231 (As a result of an unquoted service path vulnerability present in the K ...)
+	TODO: check
 CVE-2021-35230 (As a result of an unquoted service path vulnerability present in the K ...)
 	NOT-FOR-US: Kiwi CatTools Installation Wizard
 CVE-2021-35229
@@ -20302,28 +20305,28 @@ CVE-2021-34866
 	NOTE: Fixed by: https://git.kernel.org/linus/5b029a32cfe4600f5e10e36b41778506b90fd4de (5.14)
 CVE-2021-34865
 	RESERVED
-CVE-2021-34864
-	RESERVED
-CVE-2021-34863
-	RESERVED
-CVE-2021-34862
-	RESERVED
-CVE-2021-34861
-	RESERVED
-CVE-2021-34860
-	RESERVED
-CVE-2021-34859
-	RESERVED
+CVE-2021-34864 (This vulnerability allows local attackers to escalate privileges on af ...)
+	TODO: check
+CVE-2021-34863 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+	TODO: check
+CVE-2021-34862 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+	TODO: check
+CVE-2021-34861 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+	TODO: check
+CVE-2021-34860 (This vulnerability allows network-adjacent attackers to disclose sensi ...)
+	TODO: check
+CVE-2021-34859 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
 CVE-2021-34858
 	RESERVED
-CVE-2021-34857
-	RESERVED
-CVE-2021-34856
-	RESERVED
-CVE-2021-34855
-	RESERVED
-CVE-2021-34854
-	RESERVED
+CVE-2021-34857 (This vulnerability allows local attackers to escalate privileges on af ...)
+	TODO: check
+CVE-2021-34856 (This vulnerability allows local attackers to escalate privileges on af ...)
+	TODO: check
+CVE-2021-34855 (This vulnerability allows local attackers to disclose sensitive inform ...)
+	TODO: check
+CVE-2021-34854 (This vulnerability allows local attackers to escalate privileges on af ...)
+	TODO: check
 CVE-2021-34853 (This vulnerability allows remote attackers to execute arbitrary code o ...)
 	NOT-FOR-US: Foxit PDF Reader
 CVE-2021-34852 (This vulnerability allows remote attackers to execute arbitrary code o ...)
@@ -26116,7 +26119,7 @@ CVE-2021-32563 (An issue was discovered in Thunar before 4.16.7 and 4.17.x befor
 	NOTE: Fixed by: https://gitlab.xfce.org/xfce/thunar/-/commit/9165a61f95e43cc0b5abf9b98eee2818a0191e0b
 	NOTE: Regression fix: https://gitlab.xfce.org/xfce/thunar/-/commit/3b54d9d7dbd7fd16235e2141c43a7f18718f5664
 	NOTE: Regression: https://gitlab.xfce.org/xfce/thunar/-/issues/575
-CVE-2021-3546 (A flaw was found in vhost-user-gpu of QEMU in versions up to and inclu ...)
+CVE-2021-3546 (An out-of-bounds write vulnerability was found in the virtio vhost-use ...)
 	{DSA-4980-1}
 	- qemu 1:6.1+dfsg-1 (bug #989042)
 	[buster] - qemu <no-dsa> (Minor issue)
@@ -33294,7 +33297,7 @@ CVE-2021-29766 (IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1,
 	NOT-FOR-US: IBM
 CVE-2021-29765 (IBM PowerVM Hypervisor FW940 and FW950 could allow an attacker to obta ...)
 	NOT-FOR-US: IBM
-CVE-2021-29764 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 i ...)
+CVE-2021-29764 (IBM Sterling B2B Integrator 5.2.0.0 through 6.1.1.0 is vulnerable to s ...)
 	NOT-FOR-US: IBM
 CVE-2021-29763 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 ...)
 	NOT-FOR-US: IBM
@@ -42634,8 +42637,8 @@ CVE-2021-25979
 	RESERVED
 CVE-2021-25978
 	RESERVED
-CVE-2021-25977
-	RESERVED
+CVE-2021-25977 (In PiranhaCMS, versions 7.0.0 to 9.1.1 are vulnerable to stored XSS du ...)
+	TODO: check
 CVE-2021-25976
 	RESERVED
 CVE-2021-25975
@@ -44456,7 +44459,7 @@ CVE-2021-3165 (SmartAgent 3.1.0 allows a ViewOnly attacker to create a SuperUser
 	NOT-FOR-US: SmartAgent
 CVE-2021-3164 (ChurchRota 2.6.4 is vulnerable to authenticated remote code execution. ...)
 	NOT-FOR-US: ChurchRota
-CVE-2021-3163 (A vulnerability in the HTML editor of Slab Quill 4.8.0 allows an attac ...)
+CVE-2021-3163 (** DISPUTED ** A vulnerability in the HTML editor of Slab Quill 4.8.0  ...)
 	NOT-FOR-US: Slab Quill
 CVE-2021-25301
 	RESERVED
@@ -45419,10 +45422,10 @@ CVE-2021-24887
 	RESERVED
 CVE-2021-24886
 	RESERVED
-CVE-2021-24885
-	RESERVED
-CVE-2021-24884
-	RESERVED
+CVE-2021-24885 (The YOP Poll WordPress plugin before 6.1.2 does not escape the perpage ...)
+	TODO: check
+CVE-2021-24884 (The Formidable Form Builder WordPress plugin before 4.09.05 allows to  ...)
+	TODO: check
 CVE-2021-24883
 	RESERVED
 CVE-2021-24882
@@ -45619,8 +45622,8 @@ CVE-2021-24787
 	RESERVED
 CVE-2021-24786
 	RESERVED
-CVE-2021-24785
-	RESERVED
+CVE-2021-24785 (The Great Quotes WordPress plugin through 1.0.0 does not sanitise and  ...)
+	TODO: check
 CVE-2021-24784
 	RESERVED
 CVE-2021-24783
@@ -45631,8 +45634,8 @@ CVE-2021-24781
 	RESERVED
 CVE-2021-24780
 	RESERVED
-CVE-2021-24779
-	RESERVED
+CVE-2021-24779 (The WP Debugging WordPress plugin before 2.11.0 has its update_setting ...)
+	TODO: check
 CVE-2021-24778
 	RESERVED
 CVE-2021-24777
@@ -45641,8 +45644,8 @@ CVE-2021-24776
 	RESERVED
 CVE-2021-24775
 	RESERVED
-CVE-2021-24774
-	RESERVED
+CVE-2021-24774 (The Check &amp; Log Email WordPress plugin before 1.0.3 does not valid ...)
+	TODO: check
 CVE-2021-24773
 	RESERVED
 CVE-2021-24772
@@ -45651,8 +45654,8 @@ CVE-2021-24771
 	RESERVED
 CVE-2021-24770
 	RESERVED
-CVE-2021-24769
-	RESERVED
+CVE-2021-24769 (The Permalink Manager Lite WordPress plugin before 2.2.13.1 does not v ...)
+	TODO: check
 CVE-2021-24768
 	RESERVED
 CVE-2021-24767
@@ -45701,8 +45704,8 @@ CVE-2021-24746
 	RESERVED
 CVE-2021-24745
 	RESERVED
-CVE-2021-24744
-	RESERVED
+CVE-2021-24744 (The WordPress Contact Forms by Cimatti WordPress plugin before 1.4.12  ...)
+	TODO: check
 CVE-2021-24743 (The Podcast Subscribe Buttons WordPress plugin before 1.4.2 allows use ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24742
@@ -45791,8 +45794,8 @@ CVE-2021-24701
 	RESERVED
 CVE-2021-24700
 	RESERVED
-CVE-2021-24699
-	RESERVED
+CVE-2021-24699 (The Easy Media Download WordPress plugin before 1.1.7 does not escape  ...)
+	TODO: check
 CVE-2021-24698
 	RESERVED
 CVE-2021-24697
@@ -45865,8 +45868,8 @@ CVE-2021-24664
 	RESERVED
 CVE-2021-24663 (The Simple Schools Staff Directory WordPress plugin through 1.1 does n ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2021-24662
-	RESERVED
+CVE-2021-24662 (The Game Server Status WordPress plugin through 1.0 does not validate  ...)
+	TODO: check
 CVE-2021-24661 (The PostX &#8211; Gutenberg Blocks for Post Grid WordPress plugin befo ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24660 (The PostX &#8211; Gutenberg Blocks for Post Grid WordPress plugin befo ...)
@@ -45883,8 +45886,8 @@ CVE-2021-24655
 	RESERVED
 CVE-2021-24654 (The User Registration WordPress plugin before 2.0.2 does not properly  ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2021-24653
-	RESERVED
+CVE-2021-24653 (The Cookie Bar WordPress plugin through 1.8.8 doesn't properly sanitis ...)
+	TODO: check
 CVE-2021-24652 (The PostX &#8211; Gutenberg Blocks for Post Grid WordPress plugin befo ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24651 (The Poll Maker WordPress plugin before 3.4.2 allows unauthenticated us ...)
@@ -45973,8 +45976,8 @@ CVE-2021-24610 (The TranslatePress WordPress plugin before 2.0.9 does not implem
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24609 (The WP Mapa Politico Espana WordPress plugin before 3.7.0 does not san ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2021-24608
-	RESERVED
+CVE-2021-24608 (The Formidable Form Builder &#8211; Contact Form, Survey &amp; Quiz Fo ...)
+	TODO: check
 CVE-2021-24607
 	RESERVED
 CVE-2021-24606 (The Availability Calendar WordPress plugin before 1.2.1 does not escap ...)
@@ -46101,10 +46104,10 @@ CVE-2021-24546 (The Gutenberg Block Editor Toolkit &#8211; EditorsKit WordPress
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24545 (The WP HTML Author Bio WordPress plugin through 1.2.0 does not sanitis ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2021-24544
-	RESERVED
-CVE-2021-24543
-	RESERVED
+CVE-2021-24544 (The Responsive WordPress Slider WordPress plugin through 2.2.0 does no ...)
+	TODO: check
+CVE-2021-24543 (The jQuery Reply to Comment WordPress plugin through 1.31 does not hav ...)
+	TODO: check
 CVE-2021-24542
 	RESERVED
 CVE-2021-24541 (The Wonder PDF Embed WordPress plugin before 1.7 does not escape param ...)
@@ -46159,10 +46162,10 @@ CVE-2021-24517 (The Stop Spammers Security | Block Spam Users, Comments, Forms W
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24516 (The PlanSo Forms WordPress plugin through 2.6.3 does not escape the ti ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2021-24515
-	RESERVED
-CVE-2021-24514
-	RESERVED
+CVE-2021-24515 (The Video Gallery &#8211; Vimeo and YouTube Gallery WordPress plugin t ...)
+	TODO: check
+CVE-2021-24514 (The Visual Form Builder WordPress plugin before 3.0.4 does not sanitis ...)
+	TODO: check
 CVE-2021-24513 (The Form Builder | Create Responsive Contact Forms WordPress plugin be ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24512 (The Video Posts Webcam Recorder WordPress plugin before 3.2.4 has an a ...)
@@ -46211,16 +46214,16 @@ CVE-2021-24491 (The Fileviewer WordPress plugin through 2.2 does not have CSRF c
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24490 (The Email Artillery (MASS EMAIL) WordPress plugin through 4.1 does not ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2021-24489
-	RESERVED
+CVE-2021-24489 (The Request a Quote WordPress plugin before 2.3.5 does not sanitise, v ...)
+	TODO: check
 CVE-2021-24488 (The slider import search feature and tab parameter of the Post Grid Wo ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2021-24487
-	RESERVED
+CVE-2021-24487 (The St-Daily-Tip WordPress plugin through 4.7 does not have any CSRF c ...)
+	TODO: check
 CVE-2021-24486 (The Simple Social Media Share Buttons &#8211; Social Sharing for Every ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2021-24485
-	RESERVED
+CVE-2021-24485 (The Special Text Boxes WordPress plugin through 5.9.109 does not sanit ...)
+	TODO: check
 CVE-2021-24484 (The get_reports() function in the Secure Copy Content Protection and C ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24483 (The get_poll_categories(), get_polls() and get_reports() functions in  ...)
@@ -46361,8 +46364,8 @@ CVE-2021-24416 (The StreamCast &#8211; Radio Player for WordPress plugin before
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24415 (The Polo Video Gallery &#8211; Best wordpress video gallery plugin Wor ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2021-24414
-	RESERVED
+CVE-2021-24414 (The Video Player for YouTube WordPress plugin before 1.4 does not sani ...)
+	TODO: check
 CVE-2021-24413 (The Easy Twitter Feed WordPress plugin before 1.2 does not sanitise or ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24412 (The Html5 Audio Player &#8211; Audio Player for WordPress plugin befor ...)
@@ -46427,8 +46430,8 @@ CVE-2021-24383 (The WP Google Maps WordPress plugin before 8.1.12 did not saniti
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24382 (The Smart Slider 3 Free and pro WordPress plugins before 3.5.0.9 did n ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2021-24381
-	RESERVED
+CVE-2021-24381 (The Ninja Forms Contact Form WordPress plugin before 3.5.8.2 does not  ...)
+	TODO: check
 CVE-2021-24380 (The Shantz WordPress QOTD WordPress plugin through 1.2.2 is lacking an ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24379 (The Comments Like Dislike WordPress plugin before 1.1.4 allows users t ...)
@@ -54945,8 +54948,8 @@ CVE-2021-21321 (fastify-reply-from is an npm package which is a fastify plugin t
 	NOT-FOR-US: Node fastify-reply-from
 CVE-2021-21320 (matrix-react-sdk is an npm package which is a Matrix SDK for React Jav ...)
 	NOT-FOR-US: Node matrix-react-sdk
-CVE-2021-21319
-	RESERVED
+CVE-2021-21319 (Galette is a membership management web application geared towards non  ...)
+	TODO: check
 CVE-2021-21318 (Opencast is a free, open-source platform to support the management of  ...)
 	NOT-FOR-US: Opencast
 CVE-2021-21317 (uap-core in an open-source npm package which contains the core of Brow ...)
@@ -66120,20 +66123,16 @@ CVE-2021-0943
 	RESERVED
 CVE-2021-0942
 	RESERVED
-CVE-2021-0941 [bpf: Remove MTU check in __bpf_skb_max_len]
-	RESERVED
+CVE-2021-0941 (In bpf_skb_change_head of filter.c, there is a possible out of bounds  ...)
 	- linux 5.10.28-1
 	[buster] - linux 4.19.194-1
 	[stretch] - linux 4.9.272-1
 	NOTE: https://git.kernel.org/6306c1189e77a513bf02720450bb43bd4ba5d8ae
-CVE-2021-0940
-	RESERVED
+CVE-2021-0940 (In TBD of TBD, there is a possible out of bounds write due to improper ...)
 	NOT-FOR-US: Pixel components
-CVE-2021-0939
-	RESERVED
+CVE-2021-0939 (In set_default_passthru_cfg of passthru.c, there is a possible out of  ...)
 	NOT-FOR-US: Pixel components
-CVE-2021-0938
-	RESERVED
+CVE-2021-0938 (In memzero_explicit of compiler-clang.h, there is a possible bypass of ...)
 	- linux 5.9.15-1 (unimportant)
 	[buster] - linux 4.19.171-1
 	[stretch] - linux <not-affected> (Vulnerable code introduced later)
@@ -66147,12 +66146,10 @@ CVE-2021-0937
 	NOTE: https://source.android.com/security/bulletin/pixel/2021-10-01
 	NOTE: https://git.kernel.org/linus/b29c457a6511435960115c0f548c4360d5f4801d
 	NOTE: Duplicate of CVE-2021-22555
-CVE-2021-0936
-	RESERVED
+CVE-2021-0936 (In acc_read of f_accessory.c, there is a possible memory corruption du ...)
 	- linux <not-affected> (Pixel or Android-specific driver)
 	NOTE: https://source.android.com/security/bulletin/pixel/2021-10-01
-CVE-2021-0935
-	RESERVED
+CVE-2021-0935 (In ip6_xmit of ip6_output.c, there is a possible out of bounds write d ...)
 	- linux 4.15.17-1
 	[stretch] - linux 4.9.258-1
 	NOTE: https://git.kernel.org/linus/2f987a76a97773beafbc615b9c4d8fe79129a7f4
@@ -66701,12 +66698,12 @@ CVE-2021-0665
 	RESERVED
 CVE-2021-0664
 	RESERVED
-CVE-2021-0663
-	RESERVED
-CVE-2021-0662
-	RESERVED
-CVE-2021-0661
-	RESERVED
+CVE-2021-0663 (In audio DSP, there is a possible out of bounds write due to an incorr ...)
+	TODO: check
+CVE-2021-0662 (In audio DSP, there is a possible out of bounds write due to an incorr ...)
+	TODO: check
+CVE-2021-0661 (In audio DSP, there is a possible out of bounds write due to an incorr ...)
+	TODO: check
 CVE-2021-0660 (In ccu, there is a possible out of bounds read due to incorrect error  ...)
 	NOT-FOR-US: Mediatek
 CVE-2021-0659
@@ -66759,16 +66756,16 @@ CVE-2021-0636 (When extracting the incorrectly formatted avi file, the memory is
 	NOT-FOR-US: UniSoc components for Android
 CVE-2021-0635 (When extracting the incorrectly formatted flv file, the memory is dama ...)
 	NOT-FOR-US: UniSoc components for Android
-CVE-2021-0634
-	RESERVED
-CVE-2021-0633
-	RESERVED
-CVE-2021-0632
-	RESERVED
-CVE-2021-0631
-	RESERVED
-CVE-2021-0630
-	RESERVED
+CVE-2021-0634 (In display driver, there is a possible memory corruption due to uninit ...)
+	TODO: check
+CVE-2021-0633 (In display driver, there is a possible out of bounds write due to an i ...)
+	TODO: check
+CVE-2021-0632 (In wifi driver, there is a possible out of bounds read due to a missin ...)
+	TODO: check
+CVE-2021-0631 (In wifi driver, there is a possible system crash due to a missing boun ...)
+	TODO: check
+CVE-2021-0630 (In wifi driver, there is a possible system crash due to a missing boun ...)
+	TODO: check
 CVE-2021-0629
 	RESERVED
 CVE-2021-0628 (In OMA DRM, there is a possible memory corruption due to improper inpu ...)
@@ -66777,8 +66774,8 @@ CVE-2021-0627 (In OMA DRM, there is a possible memory corruption due to an integ
 	NOT-FOR-US: Mediatek
 CVE-2021-0626 (In ged, there is a possible out of bounds write due to a missing bound ...)
 	NOT-FOR-US: Mediatek
-CVE-2021-0625
-	RESERVED
+CVE-2021-0625 (In ccu, there is a possible memory corruption due to improper locking. ...)
+	TODO: check
 CVE-2021-0624
 	RESERVED
 CVE-2021-0623
@@ -66791,18 +66788,18 @@ CVE-2021-0620
 	RESERVED
 CVE-2021-0619
 	RESERVED
-CVE-2021-0618
-	RESERVED
-CVE-2021-0617
-	RESERVED
-CVE-2021-0616
-	RESERVED
-CVE-2021-0615
-	RESERVED
-CVE-2021-0614
-	RESERVED
-CVE-2021-0613
-	RESERVED
+CVE-2021-0618 (In ape extractor, there is a possible out of bounds read due to a heap ...)
+	TODO: check
+CVE-2021-0617 (In ape extractor, there is a possible out of bounds read due to a heap ...)
+	TODO: check
+CVE-2021-0616 (In ape extractor, there is a possible out of bounds read due to a heap ...)
+	TODO: check
+CVE-2021-0615 (In flv extractor, there is a possible out of bounds read due to an int ...)
+	TODO: check
+CVE-2021-0614 (In asf extractor, there is a possible out of bounds read due to an inc ...)
+	TODO: check
+CVE-2021-0613 (In asf extractor, there is a possible out of bounds read due to an inc ...)
+	TODO: check
 CVE-2021-0612 (In m4u, there is a possible memory corruption due to a use after free. ...)
 	NOT-FOR-US: Mediatek
 CVE-2021-0611 (In m4u, there is a possible memory corruption due to a use after free. ...)
@@ -67208,18 +67205,18 @@ CVE-2021-0416 (In memory management driver, there is a possible system crash due
 	NOT-FOR-US: Mediatek
 CVE-2021-0415 (In memory management driver, there is a possible information disclosur ...)
 	NOT-FOR-US: Mediatek
-CVE-2021-0414
-	RESERVED
-CVE-2021-0413
-	RESERVED
-CVE-2021-0412
-	RESERVED
-CVE-2021-0411
-	RESERVED
-CVE-2021-0410
-	RESERVED
-CVE-2021-0409
-	RESERVED
+CVE-2021-0414 (In flv extractor, there is a possible out of bounds read due to a heap ...)
+	TODO: check
+CVE-2021-0413 (In flv extractor, there is a possible out of bounds read due to a miss ...)
+	TODO: check
+CVE-2021-0412 (In flv extractor, there is a possible out of bounds read due to a miss ...)
+	TODO: check
+CVE-2021-0411 (In flv extractor, there is a possible out of bounds read due to an int ...)
+	TODO: check
+CVE-2021-0410 (In flv extractor, there is a possible out of bounds read due to an inc ...)
+	TODO: check
+CVE-2021-0409 (In flv extractor, there is a possible out of bounds read due to an inc ...)
+	TODO: check
 CVE-2021-0408 (In asf extractor, there is a possible out of bounds read due to an inc ...)
 	NOT-FOR-US: Mediatek
 CVE-2021-0407 (In clk driver, there is a possible out of bounds write due to an incor ...)
@@ -85227,8 +85224,8 @@ CVE-2020-20910
 	RESERVED
 CVE-2020-20909
 	RESERVED
-CVE-2020-20908
-	RESERVED
+CVE-2020-20908 (Akaunting v1.3.17 was discovered to contain a stored cross-site script ...)
+	TODO: check
 CVE-2020-20907 (MetInfo 7.0 beta is affected by a file modification vulnerability. Att ...)
 	NOT-FOR-US: MetInfo
 CVE-2020-20906
@@ -100588,8 +100585,8 @@ CVE-2020-14266
 	RESERVED
 CVE-2020-14265
 	RESERVED
-CVE-2020-14264
-	RESERVED
+CVE-2020-14264 ("HCL Traveler Companion is vulnerable to an iOS weak cryptographic pro ...)
+	TODO: check
 CVE-2020-14263 ("HCL Traveler Companion is vulnerable to an iOS weak cryptographic pro ...)
 	NOT-FOR-US: HCL
 CVE-2020-14262
@@ -118804,7 +118801,7 @@ CVE-2020-7861 (AnySupport (Remote support solution) before 2019.3.21.0 allows di
 CVE-2020-7860 (UnEGG v0.5 and eariler versions have a Integer overflow vulnerability, ...)
 	NOT-FOR-US: UnEgg
 CVE-2020-7859
-	RESERVED
+	REJECTED
 CVE-2020-7858 (There is a directory traversing vulnerability in the download page url ...)
 	NOT-FOR-US: AquaNPlayer
 CVE-2020-7857 (A vulnerability of XPlatform could allow an unauthenticated attacker t ...)
author	security tracker role <sectracker@soriano.debian.org>	2021-10-25 20:10:16 +0000
committer	security tracker role <sectracker@soriano.debian.org>	2021-10-25 20:10:16 +0000
commit	bff60510087638c1556df7e25ed52b7c12020147 (patch)
tree	d35f102801827f8e53e2dba3962a6d9517894f46 /data
parent	660fffe29cc3aaf0bdbe13df42214cdd80eef0e3 (diff)